REMARKS 

No claims have been amended, cancelled, or added. Hence, Claims 1 - 40 are pending in 
the Application. 

SUMMARY OF REJECTIONS/OBJECTIONS 

Claims 1 - 5 and 21 - 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent Application Publication No. US 2002/0143735 (herein "Ayi") in view of U.S. Patent 
No. 5,787,428 (herein "Hart"). 

Claims 6-20 and 26 - 40 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent No. 5,859,966 (herein "Hayman") in view of Ayi. 

CLAIMS 1-5 AND 21 -25 

Declaration Under 37 CFR 131 

The Declaration and Exhibits A, B, C and D attached to the Reply to Office Action 
mailed October 18, 2004, were presented to offer sufficient evidence that there was an actual 
reduction to practice prior to the reference date of Ayi. The evidence offered presented both 
facts and data with clear explanations to show the completion of an implementation of Claims 1 
-5 and 21 -25. 

The Office Action alleges that the Declaration and Exhibits A, B, C and D filed under 37 
CFR 1.131 to overcome Ayi is defective because the declaration is not signed by all of the 
inventors. This is simply not true. Our records, including an Acknowledgment Receipt from the 
USPTO dated October 22, 2004, indicate that three Declarations under 37 CFR 1.131 were 
executed and mailed on October 18, 2004, each with a different inventor's signature. Inventors 
Rae K. Burns and Patrick F. Sack provided an S-Signature and inventor Vikram Reddy Pesati 
provided a handwritten signature. Thus, the Declarations are not defective. 
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I. 1 

Reduction to Practice 

The Office Action is based on a misunderstanding of the facts and law. First, the Office 
Action alleges that the declaration attempts to show conception of the invention prior to the 
effective date of the reference (3/30/2001) coupled with due diligence from prior to the reference 
date to the filing date (1 1/30/2001) of the application. This is plainly false. Applicants are not 
attempting to show conception or due diligence, only reduction to practice. 

MPEP 715.07 III describes three ways an applicant may show reduction to practice: "(A) 
reduction to practice of the invention prior to the effective date of the reference; or (B) 
conception of the invention prior to the effective date of the reference coupled with due diligence 
from prior to the reference date to a subsequent (actual) reduction to practice; or (C) conception 
of the invention prior to the effective date of the reference coupled with due diligence from prior 
to the reference date to the filing date of the application (constructive reduction to practice)" 
(emphasis added). 

Paragraph 2 of the declaration states: "We make this declaration for the purpose of 
establishing a reduction to practice of the inventions disclosed and claimed in the Application at 
a date prior to March 30, 2001, the effective filing date of U.S. Patent Application Publication 
No. US 2002/0143735, herein Ayi." 

It is thus quite clear that Applicants have chosen to show reduction to practice via the 
route indicated in (A) above, i.e., reduction to practice of the inventions prior to the effective 
date of the reference. If paragraph 3 of the declaration confused the Examiner in any way, it 
should not have. Paragraph 3 states: "We conceived and reduced to practice an implemented of 
claims 1 - 5 and 21-25 before the filing date of Ayi." By proving reduction to practice of the 
inventions prior to the effective date of the reference (as stated in paragraph 2), it is both logical 
and intuitive that the Applicants must have also conceived of the inventions prior to the effective 



OID 2001-090-01 



3 



date of the reference. Paragraph 2 plainly indicates the purpose of the declaration, which is to 
establish reduction to practice of the inventions. 

Therefore, every statement in the Office Action regarding conception and due diligence is 
of no consequence. Applicants are not proving either conception or due diligence, only 
reduction to practice of the inventions prior to the date of the Ayi reference. 

Second, the Office Action states: "The affidavit or declaration and exhibits must clearly 
explain which facts or data [applicant] is relying on to show completion of his or her invention 
prior to the particular date" (MPEP 715.07 I). The Office Action further states: "Applicant must 
give a clear explanation of the exhibits pointing out exactly what facts are established and relied 
on by [applicant]" (MPEP 715.07 I). 

However, the declaration was specific in detailing that the contents of the exhibits were 
actual test scripts and results run on an implementation of the invention prior to the priority date 
of Ayi. For example, "5. Attached as Exhibit A is a true and correct print out of substantially all 
of test script file 'tzlasOl.sql'. The test script was used to test the implementation". Declaration, 
par. 5. The declaration clearly explained that Exhibit A was a test script and that this script was 
used to test the implementation. The statement, along with similar statements for Exhibits B, C, 
and D, is not vague and does not present general allegations. "9. Exhibits A, B, C and D are 
submitted as probative of the fact that the successful tests referred to in paragraph 4 were 
executed before the filing date of Ayi." Declaration, par. 9. 

Third, the Office Action states: "The statement... recited in paragraphs] 2, 3 and 4 are 
general allegations] that the invention was complete[d] prior to the date of the 
reference... without a statement of facts demonstrating the correctness of this conclusion, is 
insufficient to satisfy 37 CFR 1.131." This is incorrect. The declaration and exhibits do not 
present general allegations but show evidence that an implementation was made and that tests on 
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that implementation were successfully run prior to the reference date of Ayi. A working 
implementation indicates that there was also an actual reduction to practice prior to the reference 
date of Ayi. 

Fourth, the Office Action states: "The exhibits must be comprehended to one [with] 
ordinary skill in the art and concepts must support by accompanying with the claims." The last 
clause is difficult to understand because it lacks grammatical sense. Although there is no 
requirement in the law or rules that a declaration under 37 CFR 1.131 has to state that 
accompanying exhibits must be comprehended by one with ordinary skill in the art, it is 
respectfully submitted that at least three with ordinary skill in the art comprehend Exhibits A, B, 
C, and D - namely the inventors of the present application. 

The attached declaration and exhibits present sufficient evidence that an implementation 
of Claims 1 - 5 and 21 - 25 was developed and successfully tested before the effective filing 
date of Ayi, March 30, 2001 . Therefore, Claims 1 - 5 and 21-25 were reduced to practice by 
the inventors before the effective filing date of Ayi. Ayi cannot be used as a valid basis for 
rejecting Claims 1 - 25 under 103(a). Reconsideration and allowance of Claims 1 - 5 and 21 - 
25 is requested. 

CLAIMS 6 AND 26 

Claims 6 and 26 recite: 

registering, with a database management system, one or more packages of routines, 

wherein each package of said one or more packages implements a security model 
that supports a model set of one or more policies of the database policy set and 
said each package includes an access mediation routine; 
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associating a first policy of a first model set in a first package with a first table within the 
database system; and 

invoking the access mediation routine in the first package for determining whether to 
allow operation on data in the first table based on the first policy. 

Claims 6 and 26 require "registering, with a database management system . . . one or more 
packages of routines, wherein each package . . . implements a security model . . . and said each 
package includes an access mediation routine," and "invoking the access mediation routine [to 
determine] . . . whether to allow operation on data in the first table." This feature is not disclosed 
or suggested by Hayman. 

As a preliminary matter, Ayi may not be used as prior art with respect to these claims. A 
reference is not allowed when the invention claimed is actually reduced to practice prior to the 
effective date of the reference. The Declaration, Exhibits, and arguments presented previously 
provide sufficient evidence to show that the claimed invention had been reduced to practice prior 
to the effective date of the Ayi application. For this reason alone, the rejection is improper. 
Nevertheless, features of Claims 6 and 26 are not taught or suggested by Hayman. 

First, the Office Action alleges that the "applicant admits that registering one or more 
packages of routines are well known in the art" on page 17 of the Specification. This is plainly 
incorrect. The italicized sentence below is taken completely out of context. The applicable 
language from the Specification states: 

In step 212 a first security model package is registered with the security manager 132 of the database server 
130. In some embodiments, the database security administrator designs and develops the security model 
package. In some embodiments the security model package is provided by the developer of the security 
manager 132, or is provided by a third party vendor, so that a database administrator does not have to 
develop her own package. For example, a security model package 1 10 that supports a compartmented 
security model is provided by the developer of the security manager, and the database security 
administrator registers the package 1 1 0 with the database server 130. Any manner known in the art for 
registering the package at the time the package is registered can be used. For example, the database 
security administrator types in a name of the file containing the package in a dialog box of a 
graphical user interface for the security manager 132 of the database server 130 (page 17, paragraph 57) 
(emphasis added). 
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Clearly, what is meant by "any manner known in the art for registering the package at the time 
the package is registered can be used" is that the manner in which a package is identified for 
being registered is not important (e.g., dialog box of a GUI or DOS command). However, 
nothing in the Specification implies or suggests that previous database systems actually register 
one or more packages of routines as claimed (i.e., wherein each package implements a security 
model and includes an access mediation routine). 

The Office Action also asserts that "Hayman teaches incorporate [ing] and installing] 
security software which inherently includes registering one or more packages of routines." The 
paragraphs cited by the Office Action in support of this assertion state that a "Session Monitor 
has been designed to be extensible, in the sense that the owner of the security system can 
incorporate their own software to change access mode of a user or administrator" (col. 8, line 66 
- col. 9, line 14). Thus, the Office Action equates the Session Monitor with a package of 
routines. 

The Session Monitor, however, "controls the manner in which a user or administrator 
initially gains access to the system, and the manner in which a user or administrator changes 
from their current mode of access to a different mode (for example, from user to administrator)" 
(col. 8, lines 55-60), whereas Claim 6 requires that a policy from a package of routines is 
associated with a table within the database system. There is no teaching or suggestion in 
Hayman that the Session Monitor associates a policy with a table in a database system, nor that 
the Session Monitor itself is associated with a table, much less any other form of data. 

The Office Action also cites paragraphs in Hayman that describe a Reference Monitor. 
"The Reference Monitor is the entity that mediates all requests for access to an object by a 
subject, and thus controls whether, and to what extent, the subject is granted access to the object" 
(col. 9, lines 56-59). However, the reference does not disclose that this may be registered so that 
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it can be customized and implemented by the user. Indeed, it was described in a version of Data 
General's security system as being "tightly integrated with Data General's operating system" 
(col. 1, lines 26-28). This indicates that customization is not readily possible and that the 
Reference Monitor is actually an embedded native software component of the security system, 
not a separate module that needs to be registered. Again, this is all in contradiction to the 
elements of Claims 6 and 26. 

Remember, the first requirement of Claims 6 and 26 is "registering, with a database 
management system, one or more packages of routines. . . ." These packages of routines are 
separate from the label-based security policies which govern whether operations can be 
performed on particular data. This is significant because it allows the routines to be administered 
and customized separate from the label-based security policies. The Hayman reference does not 
discuss or teach that routines that are registered with the database management system. Hayman 
does describe security labels in the form of a capability set that are assigned or placed on an 
object by the owner of the object. However, these labels cannot in any way be equated to the 
routines used to support the label-based security policies. 

In sum, Hayman only discusses the use of security-based labels and not registered 
routines that may be, for example, customized to affect how those labels are used to determine 
proper access. The Hayman implementation uses non-registerable and native components of an 
application to implement the policies. 

Thus, because Hayman does not teach, suggest, or render obvious Claims 6 and 26, it is 
respectfully submitted that Claims 6 and 26 are patentable over Hayman. Reconsideration and 
allowance of claims 6 and 26 are respectfully requested. 
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Dependent Claims 

The pending claims not discussed so far are dependent claims that depend on an 
independent claim that is discussed above. Because each of the dependent claims includes the 
limitations of claims upon which they depend, the dependent claims are patentable for at least 
those reasons the claims upon which the dependent claims depend are patentable. Removal of the 
rejections with respect to the dependent claims and allowance of the dependent claims is 
respectfully requested. In addition, the dependent claims introduce additional limitations that 
independently render them patentable. Due to the fundamental difference already identified, a 
separate discussion of those limitations is not included at this time. 
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For the reasons set forth above, Applicant respectfully submits that all pending claims are 
patentable over the art of record, including the art cited but not applied. Accordingly, allowance 
of all claims is hereby respectfully solicited. 

The Examiner is respectfully requested to contact the undersigned by telephone if it is 
believed that such contact would further the examination of the present application. 



Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 



Dated: December ^2005 




Reg. No. 57,181 

2055 Gateway Place, Suite 550 
San Jose, CA95110 

Telephone No.: (408) 414-1080 ext. 229 
Facsimile No.: (408)414-1076 



CERTIFICATE OF MAILING 



I hereby certify that this correspondence is being deposited with the United States Postal Service as first class mail in 
an envelope addressed to: Mail Stop Amendment, Commissioner for Patents, P, O. Box 1450, Alexandria, VA 22313- 
1450. 



on December JjL 2005 
(Date) 



(Signature) 



OID 2001-090-01 



10 



